Just to recap, the SBA is an appliance preinstalled with Lync Registrar, Mediation Server and PSTN gateway that provides survivable telephony services to branch users in the event of a WAN outage between the branch and the main data centre hosting the Lync servers. Part 1 of this article provides a walkthrough of the steps for deploying an SBA in a Lync 2013 environment. Part 2 will focus on gathering some test results of SBA failover/failback times as well as telephony performance when used with and without Response Groups. The SBA used for this lab test is the Audiocodes Mediant800 SBA and the phones used are a Polycom CX600 Lync Phone Edition and Polycom VVX600 Lync-Compatible phone handsets. Steps to deploy an SBA are well documented in both TechNet and Audiocodes' installation manual and therefore will not be repeated in detail here. The main focus of this article is the highlights of this specific lab deployment as well as the test results of the telephony performance. The SE Lync FE server role is virtualized with Hyper-V with 4 virtual CPUs and 4GB memory.

Upgrading Audiocodes SBA to Lync 2013

The Mediant800 used for this article was originally built for a Lync 2010 SBA and thus has to be upgraded to Lync 2013 for this deployment. The upgrade method used in this lab was the USB Upgrade and Recovery procedure. This is a straightforward process and the default settings in the RecoveryUtil.ini file on the USB stick can be used. Obtain the new Lync2013-based .wim image file from Audiocodes and copy it to the USB stick. Then plug the USB stick into the USB port at the back of the Mediant800 and power up. The system should boot from the USB and start the imaging process automatically. Once imaging is complete, remove the USB and allow the system to reboot.

Configuring AD and Lync Server for SBA deployment

The SBA must first be added into AD as a computer object using the AD Users and Computers tool. In this lab our computer object settings are as shown on the right. The Default Admins group is chosen as per default since we are working with the Domain Admin account. Next, the computer object must be added as a member of the RTCUniversalReadOnlyAdmins group. Then we use ADSIEdit to edit the properties of the computer object and set the attribute servicePrincipalName to "HOST/<SBA FQDN>" as shown below. Finally, we create a new user account belonging to the RTCUniversalSBATechnicians group for performing the Survivable Branch Appliance deployment.
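The AD preparation steps above can also be scripted with the ActiveDirectory PowerShell module instead of the GUI tools, which makes the result repeatable and easy to read back. This is an added example, not part of the original article; the FQDN sba800.domain.com, the account name sbatech and the helper Add-MemberIfMissing are assumptions for illustration.

```powershell
# Added example (not from the original article): AD preparation for the SBA.
# Requires the ActiveDirectory (RSAT) module and rights to create objects.
Import-Module ActiveDirectory

$SbaName  = 'SBA800'               # computer name used in this lab
$SbaFqdn  = 'sba800.domain.com'    # assumed FQDN; replace with your own
$TechUser = 'sbatech'              # hypothetical deployment account name
$Spn      = "HOST/$SbaFqdn"

# Hypothetical helper: add a principal to a group only if it is not a member.
function Add-MemberIfMissing($Group, $Principal) {
    $dns = @(Get-ADGroupMember -Identity $Group | ForEach-Object { $_.DistinguishedName })
    if ($dns -notcontains $Principal.DistinguishedName) {
        Add-ADGroupMember -Identity $Group -Members $Principal
    }
}

# 1. Pre-create the computer object (the AD Users and Computers step).
$computer = Get-ADComputer -Filter "Name -eq '$SbaName'"
if (-not $computer) {
    New-ADComputer -Name $SbaName -SamAccountName $SbaName -DNSHostName $SbaFqdn
    $computer = Get-ADComputer -Filter "Name -eq '$SbaName'"
}

# 2. Make the computer object a member of RTCUniversalReadOnlyAdmins.
Add-MemberIfMissing 'RTCUniversalReadOnlyAdmins' $computer

# 3. Set servicePrincipalName to HOST/<SBA FQDN> (the ADSIEdit step).
$current = (Get-ADComputer -Identity $computer -Properties servicePrincipalName).servicePrincipalName
if ($current -notcontains $Spn) {
    Set-ADComputer -Identity $computer -ServicePrincipalNames @{ Add = $Spn }
}

# 4. Create the deployment account in RTCUniversalSBATechnicians.
$user = Get-ADUser -Filter "SamAccountName -eq '$TechUser'"
if (-not $user) {
    $pw = Read-Host -AsSecureString "Password for $TechUser"
    New-ADUser -Name $TechUser -SamAccountName $TechUser -AccountPassword $pw -Enabled $true
    $user = Get-ADUser -Filter "SamAccountName -eq '$TechUser'"
}
Add-MemberIfMissing 'RTCUniversalSBATechnicians' $user

# 5. Read back what AD now holds so the result can be checked before deployment.
Get-ADComputer -Identity $computer -Properties servicePrincipalName, MemberOf |
    Select-Object Name, DNSHostName, servicePrincipalName, MemberOf
Get-ADPrincipalGroupMembership -Identity $user | Select-Object Name
```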

The next step is to add a Branch Site to the existing Central Site deployment. In Lync Topology Builder, right-click the Branch sites node and choose New Branch Site to define a new branch site name and site details, then be sure to select the "Open the New Survivable Branch Appliance" wizard before clicking "Finish" to complete the wizard. Immediately, the "Define New Survivable Branch Appliance" wizard will open. Here we enter the FQDN of the SBA, then select the associated FE Pool for the central site:

Next choose the Edge server from the drop down list and then define the PSTN Gateway's FQDN, listening port (default 5067) and SIP Transport Protocol (TLS). The PSTN gateway settings here must match those configured in the M800's built-in PSTN gateway which will be configured later.

After the wizard completes we publish the topology and ensure a successful result. The Lync topology should be similar to the diagram on the left, with the SBA defined along with its mediation pool and PSTN gateway. In the next section we proceed to configure the SBA itself.

Configuring the SBA using the Web-based admin UI

By default, after upgrading the SBA from the USB Recovery Stick, the IP address of the SBA is obtained automatically from DHCP. To discover the IP address you can attach a keyboard, mouse and monitor to the SBA and log in to Windows 2008 R2 using administrator and password "Pass123". After getting the IP, just open a browser, point it to the IP address of the SBA and log in using the same credentials. The following home screen should be displayed as shown below:

The steps to configure the SBA are as follows:

1. Setting IP Address

First we need to assign an IP address by clicking on the "IP Settings" link on the left pane to set the IP address of at least one of the 2 GE ports at the rear of the SBA. This is the network interface which the Lync servers will communicate with.

2. Change the Computer Name

This needs to match the name of the SBA defined earlier in AD as well as in the Lync topology. Clicking on the "Change Computer Name" link on the left pane opens the following screen, which allows you to do this. In this lab the name used is SBA800 as shown below. Click Apply and reboot the SBA. If you are using IE10 then you need to turn on compatibility mode before rebooting will work; otherwise an "Internal Server error" will be displayed and the SBA will not reboot.

3. Change Admin password and set the Date / Time

It is strongly recommended to change the default admin password by clicking "Change Admin Password" on the left pane. Next click on "Set Date and Time" on the left pane and ensure the SBA's date and time match those of the Lync server. After this we need to log in to the web admin UI again.

4. Join to a domain

At this stage the SBA is still in WORKGROUP mode so we click on "Join to a Domain" on the left pane and specify the corresponding details for the SBA to join the Lync server's AD Domain. Note that if you have any problems joining the domain, with errors such as not being able to contact the domain controller, disable the internal NIC interface and try again. Reboot the SBA to complete this step.

5. SBA Preparation

After rebooting, the SBA is now a domain member and we can log in using the domain admin account to continue setting up the SBA. After logging in there will be additional links on the left pane. We click on "Device Preparation" and then on "Apply" to set up the local SQL database as well as the core Lync components. No interaction is needed and we just allow the process to complete:

6. CS Database Preparation and Configuration

This again is straightforward and we simply click on "Cs Database Preparation" followed by "Configuration" to continue the installation:

7. Enable Replication and Activate Lync

This is also straightforward and we simply click on "Enable Replication" followed by "Activate Lync" to continue the installation:

8. Lync Certificate

In this step I used IIS on the Lync FE to create a Domain Certificate with the Subject Name of the SBA's FQDN and export the certificate including the private key using the certificates MMC. Then upload this certificate .pfx file to the SBA in the "Lync Certificate" page:

9. Start Lync Services

With the certificate uploaded successfully we next click on "Start Lync Services" and then proceed with the next stage.

PSTN Gateway Configuration

Important note: This section does not contain all the necessary steps to configure the SBA in a real PSTN environment as the lab does not have any T1/E1 connections. Readers looking for production deployment guidance should refer to the official Audiocodes documentation. This section only shows the steps necessary to get Lync phones working in a simulated branch office environment, i.e. registering to the SBA, calling users in the main site and branch resilience.

Before beginning to configure the built-in PSTN gateway, we need to ensure that the IP address has been properly assigned and published as per the Lync topology earlier, with the necessary DNS A record for the gateway, e.g. lwgw.domain.com. To assign the IP address we connect a LAN cable from a PC to one of the GE LAN ports on the front of the SBA and open a browser to connect to the default IP address of the GW, which is 192.168.0.2. The default login is Admin/Admin and the home page during first login is shown below.

Next we navigate to VoIP->Network->IP Settings on the left pane to set the IP address, Default GW and DNS Server as shown below. We also need to select the WAN Interface from the drop down list. After clicking on "Apply" we have to click the "Burn" button at the top of the page to save the configuration. The device will reboot and we can disconnect the PC and reconnect the SBA to the network.

Next, opening a browser to the new IP address of the GW we can configure the mediation server and other SIP settings required for the SBA to work correctly with Lync. We configure the mediation server as the proxy without registration under the VoIP->SIP Definitions->Proxy & Registration on the left pane. We need to define the Proxy settings as well as the Proxy Sets Table, which should contain two entries for the mediation servers on the SBA and on the main FE Pool. The parameters for this lab are shown in the diagrams below:

Next we navigate to VoIP->GW and IP to IP->Routing->Alternative Routing Reasons to set the 503 redirect to the mediation server at the main FE pool should the SBA's mediation service be unavailable. Then in the VoIP->SIP Definitions->General Parameters page we set the Fake Retry After parameter to 60 secs. This is followed by another "Burn" operation to save the configuration.

To simplify the lab setup we are using TCP SIP Transport between the PSTN GW and the Mediation Servers, so in Topology Builder we need to enable TCP port 5068 for the listening port on both mediation servers. This eliminates the need to obtain certificates for the PSTN GW, but note that Microsoft recommends using TLS instead of TCP, and in a real production system TLS must be used and the relevant certificates obtained for the PSTN GW. To configure the SIP Transport to use TCP we navigate to VoIP->SIP Definitions->General Parameters and set the SIP Transport Type to TCP port 5068 as shown below:

The final step in this lab for configuring the PSTN GW on the SBA is the Early Media support that Lync requires. These parameters are found in the VoIP->SIP Definitions->General Parameters page:

and in the Advanced Parameters page (for the Enable Early 183):

Finishing Setup of SBA

With the PSTN Gateway settings done, we return to the SBA Web Admin UI and click "Complete Setup" on the left pane. On the SBA Home Page we should see all services having a green check-mark and the CMS database location is defined:

This concludes Part 1 of this article. In Part 2 we will register LPE and Polycom VVX Lync-compatible phones to the SBA to test connectivity and failover.

Assuming no Active Directory controller on site where the SBA is located, and Polycom CX600 phones connected to PCs using USB cables, what happens when the WAN goes down and someone tries to log into their PC and connect the PC LYNC client to the phone? It will request AD credentials and fail, so then what, log into the CX600 manually?

Make sure your SBA is joined to the domain and you are logged into the SBA with an account that has the CsAdministrator role.


Kenneth

5/9/2017 02:40:53 am

Hi,

I have a problem in MCS certificate configuration. The error shows:
.......................Command execute failed: The computer does not need a certificate for the usage type Default. Check the services and components hosted on this computer.